# Fail2Ban filter for sieve authentication failures
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = (?:cyrus/)?(?:tim)?sieved?

failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[<HOST>\] \S+ authentication failure$

ignoreregex = 

# Author: Jan Wagner <waja@cyconet.org>
